a2a-server-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's server templates explicitly accept and parse arbitrary client-provided messages (e.g., POST /message in templates/python-http-server.py and templates/typescript-http-server.ts, WebSocket /ws in templates/-websocket-server.ts/.py, and SSE /events and /stream in templates/-sse-server.*), so untrusted third‑party/user-generated content is ingested and interpreted as part of normal runtime behavior.